1 CLAIMS 

2 1. An authentication engine architecture for an multi-loop, multi-round 

3 authentication algorithm, comprising: 

4 a first instantiation of a multi-round authentication algorithm hash round logic 

5 in an inner hash engine; 

6 a second instantiation of a multi-round authentication algorithm hash round 

7 logic in an outer hash engine; 

8 a dual-frame payload data input buffer configured for loading one new data 

9 block while another data block one is being processed in the inner hash engine; 

10 an initial hash state input buffer configuration for loading initial hash states to 

1 1 the inner and outer hash engines for concurrent inner hash and outer hash operations; 

12 and 

13 a dual -ported ROM configured for concurrent constant lookups for both inner 

14 and outer hash engines. 

15 2. The authentication engine architecture of claim 1, wherein the multi-loop, 

16 multi-round authentication algorithm is HMAC-MD5. 

17 3. The authentication engine architecture of claim 1, wherein the multi-loop, 

18 multi-round authentication algorithm is HMAC-SHA1 . 

19 4. The authentication engine architecture of claim 1, wherein at least one of the 

20 inner and outer hash engines is configured to implement hash round logic including at 

21 least one addition module comprising: 

22 a plurality of carry save adders for computation of partial products; and 

23 a carry look-ahead adder for computation and propagation of a final sum. 

24 5. The authentication engine of claim 4, wherein the carry save adders and the 

25 carry look-ahead adder are configured such that addition computations are conducted 

26 in parallel with round operations. 

27 6. The authentication engine architecture of claim 3, wherein at least one of the 

28 inner and outer hash engines is configured to implement hash round logic comprising: 

29 five hash state registers; 
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30 one critical and four non-critical data paths associated with the five registers, 

3 1 such that in successive SHA1 rounds, registers having the critical path are alternative. 

32 7. The authentication engine architecture of claim 6, wherein said hash round 

33 logic is implemented such that eighty rounds of an SHA1 loop are collapsed into forty 

34 rounds. 

35 8. The authentication engine architecture of claim 3, wherein at least one of the 

36 inner and outer hash engines is configured to implement hash round logic comprising: 

37 five hash state registers; 

38 a 5 -bit circular shifter; 

39 an add5to 1 adder module having a plurality of CSAs and a CLA adder; 

40 a 30-bit circular shifter; and 

41 an add4tol adder module having a plurality of CSAs and a CLA adder. 

42 9. An authentication engine architecture for a multi-round authentication 

43 algorithm, comprising: 

44 a hash engine configured to implement hash round logic for a multi-round 

45 authentication algorithm, said hash round logic implementation including at least one 

46 addition module comprising, 

47 a plurality of carry save adders for computation of partial products, and 

48 a carry look-ahead adder for computation and propagation of a final sum. 

49 10. The authentication engine of claim 9, wherein the carry save adders and the 

50 carry look-ahead adder are configured such that addition computations are conducted 

5 1 in parallel with round operations. 

52 11. The authentication engine architecture of claim 9, wherein the multi -round 

53 authentication algorithm is MD5. 

54 12. The authentication engine architecture of claim 9, wherein the multi-round 

55 authentication algorithm is SHA1 . 

56 13. The authentication engine architecture of claim 12, wherein the hash round 

57 logic implementation comprises: 
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58 five hash state registers; 

59 a 5 -bit circular shifter; 

60 an add5tol adder module having a plurality of CSAs and a CLA adder; 

61 a 30-bit circular shifter; and 

62 an add4tol adder module having a plurality of CSAs and a CLA adder. 

63 14. An authentication engine architecture for an SHA1 authentication algorithm, 

64 comprising: 

65 at least one hash engine configured to implement hash round logic comprising: 

66 five hash state registers; 

67 one critical and four non-critical data paths associated with the five registers, 

68 such that in successive SHA1 rounds, registers having the critical path are alternative. 

69 15. The authentication engine architecture of claim 14, wherein said hash round 

70 logic is implemented such that eighty rounds of an SHA1 loop are collapsed into forty 

71 rounds. 

72 16. A method of authenticating data transmitted over a computer network, 

73 comprising: 

74 receiving a data packet stream; 

75 splitting the packet data stream into fixed-size data blocks; and 

76 processing the fixed-size data blocks using a multi-loop, multi-round 

77 authentication engine architecture having a hash engine core comprising an inner hash 

78 engine and an outer hash engine, said architecture configured to, 

79 pipeline hash operations of said inner hash and outer hash engines, 

80 collapse and rearrange multi-round logic to reduce rounds of hash 

81 operations, and 

82 implement multi-round logic to schedule addition computations to be 

83 conducted in parallel with round operations. 
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84 17. The method of claim 16, wherein said pipelining comprises performance of an 

85 outer hash operation for one data payload in parallel with an inner hash operation of a 

86 second data payload in a packet stream fed to the authentication engine. 

87 18. The method of claim 17, wherein a dual-frame input buffer is used for the 
8 8 inner hash engine . 

89 1 9. The method of claim 1 8, wherein initial hash states for the hash operations are 

90 double buffered for concurrent inner hash and outer hash operations. 

91 20. The method of claim 19, wherein concurrent constant lookups are performed 

92 from a dual-ported ROM by both inner and outer hash engines. 

93 21. The method of claim 16, wherein the multi-loop, multi -round authentication 

94 algorithm is MD5. 

95 22. The method of claim 16, wherein the multi-loop, multi-round authentication 

96 algorithm is SHA1. 

97 23 . The method of claim 22 wherein said scheduling of additions comprises: 

98 conducting a 5 -bit circular shift on data from a first register; 

99 adding an initial hash state in a second register, a first payload data block, a 

100 first constant, and the result of a function (F t ) of the initial hash states in third, fourth 

101 and fifth additional registers with an add5tol adder module having a plurality of 

102 CSAs and a CLA adder; 

103 conducting a 30-bit circular shift on data from the third additional register; and 

104 adding the initial hash state in the fourth additional register to a second 

105 payload block, a second constant, and the result of a function (F t ) of the initial hash 

106 states in the first and fifth registers and the shifted hash state of the third register with 

107 an add4tol adder module having a plurality of CSAs and a CLA adder. 

108 24. The method of claim 22, wherein said collapsing and rearranging of the multi- 

109 round logic comprises: 

l io providing five hash state registers; and 

111 providing data paths from said five state registers such that four of the five 

1 12 data paths from the registers in any SHA1 round are not timing critical. 
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113 25. The method of claim 24, wherein, in successive SHA1 rounds, registers having 

114 the critical path are alternative. 

1 15 26. The method of claim 25, wherein eighty rounds of an SHA1 loop are collapsed 

116 into forty rounds. 

117 27. A method of authenticating data transmitted over a computer network, 

118 comprising: 

1 1 9 receiving a data packet stream; 

120 splitting the packet data stream into fixed-size data blocks; and 

121 processing the fixed-size data blocks using a multi-round authentication 

122 engine architecture, said architecture implementing hash round logic for a multi-round 
- 123 authentication algorithm configured to schedule addition computations to be 
* 124 conducted in parallel with round operations. 

, " 125 28. The method of claim 27 wherein said hash round logic comprises: 
] 26 conducting a 5-bit circular shift on data from a first register; 

~ _ 127 adding an initial hash state in a second register, a first payload data block, a 

128 first constant, and the result of a function (F t ) of the initial hash states in third, fourth 

129 and fifth additional registers with an add5tol adder module having a plurality of 

130 CS As and a CLA adder; 

131 conducting a 30-bit circular shift on data from the third additional register; and 

132 adding the initial hash state in the fourth additional register to a second 

133 payload block, a second constant, and the result of a function (F t ) of the initial hash 

134 states in the first and fifth registers and the shifted hash state of the third register with 

135 an add4tol adder module having a plurality of CSAs and a CLA adder. 

136 29. A method of authenticating data transmitted over a computer network using an 

137 SHA1 authentication algorithm, comprising: 

138 providing five hash state registers; and 

139 providing data paths from said five state registers such that four of the five 

140 data paths from the registers in any SHA1 round are not timing critical. 
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141 30. The method of claim 29, wherein, in successive SHA1 rounds, registers having 

142 the critical path are alternative. 

143 31. The method of claim 30, wherein eighty rounds of an SHA1 loop are collapsed 

144 into forty rounds. 

145 
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